﻿using IdentityServer4.Models;
using IdentityServer4;

namespace Demo.Net.IdentityServer.IdentityServer
{



    public class IdentityServer
    {
        public IEnumerable<ApiScope> ApiScopes { get; set; } = new List<ApiScope>();
        public IEnumerable<ApiResource> ApiResources { get; set; } = new List<ApiResource>();
        public IEnumerable<IdentityResource> IdentityResources { get; set; } = new List<IdentityResource>();
        public IEnumerable<Client> Clients { get; set; } = new List<Client>();
    }

    public class IdentityViewModel
    {
        public static IdentityServer IdentityServer
        {
            get
            {
                return new IdentityServer
                {
                    ApiScopes = new List<ApiScope>
                    {
                        new ApiScope("demo.net.identity.api.all", "demo.net.identity.api full access")
                    },
                    ApiResources = new List<ApiResource>
                    {
                        new ApiResource("demo.net.identity.api", "demo.net.identity.Api")
                        {
                            Scopes = { "demo.net.identity.api.all" },
                            ApiSecrets = { new Secret("!@#$%.demo.net.identity.Api.709394.cert".Sha256()) }
                        }
                    },
                    IdentityResources = new List<IdentityResource>
                    {
                        new IdentityResources.OpenId(),
                        new IdentityResources.Profile(),

                    },
                    Clients = new List<Client>
                    {

                        //隐式授权(swagger)
                        new Client
                        {
                            ClientId = "swaggerui",
                            ClientName = "demo.net.identity.Api",
                            AccessTokenType = AccessTokenType.Reference,
                            AllowedGrantTypes = GrantTypes.Implicit,
                            AllowAccessTokensViaBrowser = true,
                            RedirectUris =
                            {
                                "http://localhost:7281/swagger/oauth2-redirect.html",
                                "http://192.168.31.117:7281/swagger/oauth2-redirect.html"
                            },
                            AllowOfflineAccess = true,
                            UpdateAccessTokenClaimsOnRefresh = true,
                            AllowedScopes =
                            {
                                IdentityServerConstants.StandardScopes.OpenId,
                                IdentityServerConstants.StandardScopes.Profile,
                                "demo.net.identity.api.all"
                            }
                        },
                        new Client
                        {
                            ClientId = "demo.net.test",
                            ClientName = "demo.net.test",
                            ClientSecrets = { new Secret("!@#$%.demo.net.identity.1311.cert".Sha256()) },
                            AccessTokenType = AccessTokenType.Reference,
                            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                            AllowOfflineAccess = true,
                            UpdateAccessTokenClaimsOnRefresh = true,
                            AllowedScopes =
                            {
                                IdentityServerConstants.StandardScopes.OpenId,
                                IdentityServerConstants.StandardScopes.Profile,
                                IdentityServerConstants.StandardScopes.OfflineAccess,
                                "demo.net.identity.api.all"
                            }
                        },
                        //自定义授权类型
                        new Client
                        {
                            ClientId = "demo.net.identity",
                            ClientName = "demo.net.identity",
                            ClientSecrets = { new Secret("!@#$%.demo.net.identity.709394.cert".Sha256()) },
                            AccessTokenType = AccessTokenType.Reference,
                             
                            AllowedGrantTypes =
                            {
                                GrantTypeConst.ApLoginGrant
                            },
                            AllowOfflineAccess = true,
                            UpdateAccessTokenClaimsOnRefresh = true,
                            AllowedScopes =
                            {
                                IdentityServerConstants.StandardScopes.OpenId,
                                IdentityServerConstants.StandardScopes.Profile,
                                IdentityServerConstants.StandardScopes.OfflineAccess,
                                "demo.net.identity.api.all"
                            }
                        },
                       new Client
                        {
                            ClientId = "demo.net.identity.wx",
                            ClientName = "demo.net.identity.wx",
                            ClientSecrets = { new Secret("!@#$%.demo.net.wx.cert".Sha256()) },
                            AccessTokenType = AccessTokenType.Jwt,
                         
                            AllowedGrantTypes =
                            {
                                GrantTypeConst.WxLoginGrant
                            },
                            AllowOfflineAccess = true,
                            UpdateAccessTokenClaimsOnRefresh = true,
                            AllowedScopes =
                            {
                                IdentityServerConstants.StandardScopes.OpenId,
                                IdentityServerConstants.StandardScopes.Profile,
                                IdentityServerConstants.StandardScopes.OfflineAccess,
                                "demo.net.identity.api.all"
                            }
                        }
                    }
                };
            }
        }
    }
}
